Skip to main content
SANtricity 11.6
A newer release of this product is available.

Use CA-signed certificates

Contributors netapp-jolieg

You can obtain and import CA-signed certificates for secure access to the management system hosting Unified Manager.

Before you begin
  • You must be logged in with a user profile that includes Security admin permissions. Otherwise, certificate functions do not appear.

About this task

Using CA-signed certificates is a two-step procedure.

Step 1: Complete and submit a CSR

You must first generate a certificate signing request (CSR) file and send it to the CA.

Before you begin
  • You must be logged in with a user profile that includes Security admin permissions. Otherwise, certificate functions do not appear.

About this task

This task describes how to generate the CSR file that you send to a CA to receive signed, management certificates for the system hosting Unified Manager and the Web Services Proxy. You must provide information about your organization, plus the IP address or DNS name of the host system.

Caution

Do not generate a new CSR after submission to the CA. When you generate a CSR, the system creates a private and public key pair. The public key is part of the CSR, while the private key is kept in the keystore. When you receive the signed certificates and import them into the keystore, the system ensures that both the private and public keys are the original pair. Therefore, you must not generate a new CSR after submitting one to the CA. If you do, the controllers generate new keys, and the certificates you receive from the CA will not work.

Steps
  1. Select Certificate Management.

  2. From the Management tab, select Complete CSR.

  3. Enter the following information, and then click Next:

    • Organization — The full, legal name of your company or organization. Include suffixes, such as Inc. or Corp.

    • Organizational unit (optional) — The division of your organization that is handling the certificate.

    • City/Locality — The city where your host system or business is located.

    • State/Region (optional) — The state or region where your host system or business is located.

    • Country ISO code — Your country's two-digit ISO (International Organization for Standardization) code, such as US.

  4. Enter the following information about the host system:

    • Common name — The IP address or DNS name of the host system where the Web Services Proxy is installed. Make sure this address is correct; it must match exactly what you enter to access Unified Manager in the browser. Do not include http:// or https://.

    • Alternate IP addresses — If the common name is an IP address, you can optionally enter any additional IP addresses or aliases for the host system. For multiple entries, use a comma-delimited format.

    • Alternate DNS names — If the common name is a DNS name, enter any additional DNS names for the host system. For multiple entries, use a comma-delimited format. If there are no alternate DNS names, but you entered a DNS name in the first field, copy that name here.

  5. Click Finish.

    A CSR file is downloaded to your local system. The folder location of the download depends on your browser.

  6. Submit the CSR file to a CA and request signed certificates in PEM or DER format.

After you finish

Wait for the CA to return the certificate files, and then go to Step 2: Import management certificates.

Step 2: Import management certificates

After you receive signed certificates, import the certificate chain for the host system where the Unified Manager interface is installed.

Before you begin
  • You must be logged in with a user profile that includes Security admin permissions. Otherwise, certificate functions do not appear.

  • You have generated a certificate signing request (.CSR file) and sent it to the CA.

  • The CA returned trusted certificate files.

  • The certificate files are installed on your local system.

  • If the CA provided a chained certificate (for example, a .p7b file), you must unpack the chained file into individual files: the root certificate, one or more intermediate certificates, and the server certificate. You can use the Windows certmgr utility to unpack the files (right-click and select menu:All Tasks[Export]). When the exports are complete, a CER file is shown for each certificate file in the chain.

Steps
  1. Select Certificate Management.

  2. From the Management tab, select Import.

    A dialog box opens for importing the certificate files.

  3. Click Browse to first select the root and intermediate files, and then select the server certificate.

    The filenames are displayed in the dialog box.

  4. Click Import.

Results

The files are uploaded and validated. The certificate information displays on the Certificate Management page.